Description

A NULL pointer dereference flaw was found in the am53c974 SCSI host bus adapter emulation of QEMU in versions before 6.0.0. This issue occurs while handling the 'Information Transfer' command. This flaw allows a privileged guest user to crash the QEMU process on the host, resulting in a denial of service. The highest threat from this vulnerability is to system availability.

Related CPE's

a

qemu

qemu

3

o

debian

debian_linux

10.0

Vulnerable

References

http://www.openwall.com/lists/oss-security/2021/04/16/3

Mailing ListThird Party Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=1909769

Issue TrackingPatchThird Party Advisory

https://lists.debian.org/debian-lts-announce/2022/09/msg00008.html

Mailing ListThird Party Advisory

https://security.gentoo.org/glsa/202208-27

Third Party Advisory

https://security.netapp.com/advisory/ntap-20210713-0006/

Third Party Advisory

https://www.openwall.com/lists/oss-security/2021/04/16/3

Mailing ListPatchThird Party Advisory

http://www.openwall.com/lists/oss-security/2021/04/16/3

Mailing ListThird Party Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=1909769

Issue TrackingPatchThird Party Advisory

https://lists.debian.org/debian-lts-announce/2022/09/msg00008.html

Mailing ListThird Party Advisory

https://security.gentoo.org/glsa/202208-27

Third Party Advisory

https://security.netapp.com/advisory/ntap-20210713-0006/

Third Party Advisory

https://www.openwall.com/lists/oss-security/2021/04/16/3

Mailing ListPatchThird Party Advisory

Weaknesses

[email protected]

Secondary
CWE-476

[email protected]

Primary
CWE-476

CVSS impact metrics

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

4.4 · Medium

Information

Source identifier

[email protected]

Vulnerability status

Modified

Published

2021-05-28T09:15:07.790Z

4 years ago

Last modified

2024-11-21T04:27:26.963Z

1 year ago